In a typical purchase transaction, a consumer may use a portable consumer device to buy goods or services from a merchant. The consumer's PAN or primary account number may be stored in a memory on the portable consumer device. The PAN may be read at a point of sale terminal operated by a merchant, and the PAN and other information may be transmitted to the issuer of the portable consumer device along with other transaction information such as the amount of the purchase, etc. Once received, the issuer may then decide whether or not the consumer is authorized or not authorized to conduct the purchase transaction.
In conventional purchase transactions, the PAN is not encrypted when it passes from the portable consumer device, to the point of sale terminal, and to the issuer. The non-encryption of the PAN is not a major issue in view of current network security and fraud detection mechanisms. However, it would be desirable to add upfront security to existing payment systems. For example, if the PAN gets intercepted by an unauthorized person during the transmission of the PAN from the point of sale terminal to the issuer, the unauthorized person could use the PAN to make unauthorized purchases. Thus, new ways to provide for secure transmission of the PAN to the issuer or other entity are desirable.
Embodiments of the invention address these and other problems individually and collectively.